Geo-fence authorization provisioning

ABSTRACT

A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.

CLAIM OF PRIORITY

This application is a continuation of and claims the benefit of priorityof U.S. patent application Ser. No. 15/074,029, filed Mar. 18, 2016,which claims the benefit of U.S. Provisional Application Ser. No.62/134,689, filed Mar. 18, 2015, which are hereby incorporated byreference in their entirety.

TECHNICAL FIELD

The subject matter disclosed herein relates generally to exchangingelectronic content in a computer network. More particularly, certainexamples relate to authorization processes for access to a geo-locationrestricted collection of content associated with an event or entity.

BACKGROUND

Mobile devices, such as smartphones, are used to generate content. Thecontent may be text messages, photographs (with or without augmentingtext) and videos. Users can share such content with individuals in theirsocial network. However, there is no mechanism for sharing content withstrangers that are participating in a common event or entity.

BRIEF DESCRIPTION OF THE FIGURES

Example embodiments will be more fully appreciated in connection withthe following detailed description taken in conjunction with theaccompanying drawings, in which:

FIG. 1 illustrates a system configured in accordance with an embodiment.

FIG. 2 illustrates server side processing associated with an embodiment.

FIG. 3 illustrates client side processing associated with an embodiment.

FIGS. 4-8 illustrate graphical user interfaces that may be associatedwith embodiments.

FIG. 9 is a flowchart illustrating a method, according to an exampleembodiment, of provisioning geo-fence authorization.

FIG. 10 is a table illustrating a user profile table, according to anexample embodiment.

FIG. 11 illustrates an example mobile device that may be executing amobile operating system, according to an example embodiment.

FIG. 12 is a block diagram illustrating architecture of software, whichmay be installed on any one or more of devices described above.

FIG. 13 is a block diagram illustrating components of a machine,according to some example embodiments, able to read instructions from amachine-readable medium (e.g., a machine-readable storage medium) andperform any one or more of the methodologies discussed herein.

Like reference numerals refer to corresponding parts throughout theseveral views of the drawings.

DETAILED DESCRIPTION

The provisioning of authorization to access content (e.g., a collectionof content posted by users, such as a Snapchat Story) based ongeolocation is a delicate matter. On the one hand, access should not betoo restrictive, particularly with respect to potential contributors andposters who are located within a geo-fence associated with an event orlocation (e.g., on a university campus). On the other hand, privacyrights and other concerns may make it undesirable to simply provisioncontent access to any user who is located within a geo-fence. Lookingspecifically at the example of a university campus, it may beundesirable (or even dangerous) to allow anyone simply located on thecampus to access and view photographs and other content posted bystudents. Numerous technical challenges exist in the provisioning ofsuch content access.

Various example methods are described for provisioning access to contentbased, not only on geolocation within a geo-fence, but also based onvarious secondary data and criteria. Such data includes, for example,communication identifiers (e.g., an email address) associated with anauthorized entity or institution (e.g., indicating a domain of aparticular university or company), as well as activity data regarding auser stored in a user profile that serves as the basis for supplementalauthorization decisioning. Such activity data may include communicationsmetadata (e.g., historical data regarding other content collections towhich a particular user has had access) and device activity data (e.g.,screenshot activity or image manipulation using geo-filters). Othersecondary data that may be used includes device signature or settinginformation (e.g., a language setting) or a real-time image processing(e.g. using facial recognition).

This secondary data may be processed to determine whether a particularuser has had sufficient and meaningful contacts with an entity or event,or with previous content collections associated with an event or entity(e.g., a previous Snapchat Story for a particular university campus). Anexample system for addressing of the technical challenges associatedwith the provisioning of content access within a geo-fence is describedbelow.

FIG. 1 illustrates a system 100 configured in accordance with anembodiment. The system 100 includes a set of client devices 102_1through 102_N and at least one server 104 connected via a network 106.The network 106 may be any combination of wired or wireless networks.

Each client device 102 has standard components, such as a centralprocessing unit 110 and input/output devices 112 connected via a bus114. The input/output devices 112 may include a touch display, dedicatedcontrol buttons, physical connectors, speakers and the like. A networkinterface circuit 116 is also connected to the bus 114 and providesconnectivity to network 106. A memory 120 is also connected to the bus114. A communication application 122 is implemented by CPU 110 tocoordinate communications with server 104 and/or other client devices.The client device may be in the form of a tablet, smartphone, wearabletechnology, laptop computer or desktop computer.

The server 104 also includes standard components, such as a centralprocessing unit 130, a bus 132, input/output devices 134 and a networkinterface circuit 136. A memory 140 is connected to the bus 132. Acommunication module 142 is implemented by the CPU 130 to coordinatecommunications with client devices 102. An event gallery module 144 isimplemented by the CPU 130 to store messages from participants in a liveevent. The messages form an event gallery, which may be supplied to aclient device 102 in response to a request from a client device 102. Theserver 104 also includes or is connected to a database 150 that isaccessible via the bus 132 by the communication module 142 and the eventgallery module 144. The database 150 may operate as a user profiledatabase and store a user profile table (described in further detailbelow) used for secondary authentication operations.

FIG. 2 illustrates operations associated with an embodiment of the eventgallery module 144. The top of the figure illustrates a set of messagesenders, e.g. Sender_1 through Sender_N. Each message sender isassociated with a client device 102. The communication application 122is configured to accompany a message with geo-location information.Typically, the geo-location information will be collected from a GPSchip resident in the client device. However, other geo-locationinformation may also be used, such as cellular network geo-locationinformation, self-reported geo-location information and the like.

The event gallery module 144 includes an administrative interface thatallows one to define an event. For example, the administrative interfacemay prompt an event planner for event name, event description, eventdate, event time and event location. The event location is specified inphysical coordinates (e.g., GPS coordinates) that define a geo-locationfence associated with the event.

As previously indicated, messages from senders include geo-locationinformation. The server 104 receives such messages and geo-location data200 from any number of senders. For each message, an authorizationprocess (or processes) (202) may be performed to authorize posting ofcontent to an event gallery 204. For example, the geo-location data maybe compared to the geo-location fence. If the message was not sent fromwithin the geo-location fence, it is not from a permitted position andit is therefore discarded. If the message is from a permitted position,the message is posted to an event gallery 204. In other exampleembodiments, secondary authorization processes, as described in furtherdetail below, may be performed in order to assess whether a message isto be posted to an event gallery 204, or alternatively discarded.

The event gallery module 144 may include a curation interface thatallows an event planner to optionally curate the event gallery 206. Forexample, the curation interface may allow the event planner to deleteinappropriate or redundant messages. The final operation of FIG. 2 is tosupply the event gallery in response to requests 208 from any number ofusers.

FIG. 3 illustrates processing associated with the communicationapplication 122 resident on a client device 102. The communicationapplication 122 sends a registration request 300. The registrationrequest may be an explicit request to join or follow an event.Alternately, the registration request may be triggered by sendinggeo-location data to server 104. The event gallery module 144 determineswhether the client device is authorized to register to join or followthe event. For example, the event gallery module 144 may determinewhether the geo-location data corresponds to a geo-location fenceassociated with an event. In other embodiments, secondary authorizationprocesses, as described in further detail below, may be performed inorder to assess whether the client device is authorized to join orfollow the event.

Event gallery prompt information is received 302 in response to arequest. The event gallery prompt information may be indicia of theevent, such as a brand, a textual description and the like. The eventgallery prompt information is added to a selectable destination list 304(i.e., a list of recipients for a particular message or piece ofcontent). The selectable destination list 304 includes individuals in auser's social network. In this case, the selectable destination list isaugmented with indicia of an event.

If a user generates a message (306—Yes) the destination list is supplied308. The destination list includes individuals in a user's socialnetwork and indicia of the event and/or event gallery. If the eventgallery is selected (310), the user is added as a follower of the event312. So, for example, in the case where the user received the eventgallery prompt in response to simply communicating geo-location data,the user may formally follow the event by posting a message (sharedstory) to the event gallery. That is, the event gallery module 144 addsthe user to a list of event followers in response to the user posting amessage to the event gallery. Finally, messages are sent to recipientsdesignated on the selectable destination list 314. These recipients mayinclude individuals in the user's social network or have some otherassociation with the user (e.g., common membership within a club,similar hobby, attended the same university, etc.).

FIG. 4 is an example of a message taken at an event. In this example,the message is a photograph, which may be augmented with text or othergraphic. FIG. 5 illustrates a selectable destination list 500. Theselectable destination list 500 includes an entry for a live event 502and entries 504 for individuals in a social network. Selecting the liveevent 502 (which may have as followers members from the user's socialnetwork as well as individuals or entities with no relation to the user)from the selectable destination list 500 may result in a prompt as shownin FIG. 6. The prompt may explain terms associated with posting contentto the event gallery. FIG. 7 illustrates an interface listing friends ina social network and one or more events that are being followed.

FIG. 8 is an example of an event gallery 800. The event gallery 800includes individual posted content 802 (e.g., messages including images,video, text and audio). The event gallery 800 may be available for aspecified transitory period. For example, the specified transitoryperiod may be the duration of an event. Indicia of the event gallery mayappear in a list of friends (e.g., destination list) for the duration ofthe event. In one embodiment, the event gallery has individual ephemeralmessages shown in a sequence. For example, a first image is shown forfive seconds, and then a second image is shown for three seconds, etc.

An event gallery may be open to all event participants. Alternately, anevent gallery may be formed for a subset of participants selected from adestination list or some other list (e.g., a list of co-workers at anevent). An embodiment maintains an ongoing event gallery (shared story)for a geo-location. For example, the shared story may extend overmonths. Alternately, the shared story may be renewed every twenty-fourhour period at a specified geo-location.

FIG. 9 is a flowchart illustrating a method 900, according to an exampleembodiment, to authorize postings of a message (or other content) to anevent gallery. The method 900 may be used to perform authorization orverification operations as part of the operation 202 of FIG. 2 or aspart of the registration operation 300 of FIG. 3.

The method 900 commences at operation 902 and is followed by thereceipt, at operation 904, of a request from a device to post a message(or other content) to an event gallery, or to register to join or followan event. The request is received by the communication module 142.

The request to post, join or follow includes geolocation data indicatinga location of a requesting device (e.g., a smart phone) from which therequest was received, as well as identification data identifying therequesting device or a user operating the requesting device. Thegeolocation data may, for example, be GPS coordinates provided by a GPSmodule of a client device 102, or location data determined by the clientdevice 102 using Wi-Fi or cell tower triangulation. The identificationdata may include an email address of the operator of the client device102, an identifier of the client device 102 (e.g., an Electronic SerialNumber (ESN), a Mobile Identification Number (MIN), or a SystemIdentification Code (SID), a device signature (e.g., generated using thesettings of the client device 102), or an IP address of a wirelessnetwork via which the request was transmitted. The identification datamay also include real-time visual data (e.g., a picture of the face of asending user or of an environment in which the sending user is located).

At operation 906, the communication module 142 parses the receivedrequest, and extracts the geolocation data and identification data. Theextracted data 908 is then provided by the communication module 1422 tothe event gallery module 144.

At operation 910, the event gallery module 144 performs a firstauthorization operation, by determining whether the geolocation data,extracted from the request, corresponds to a geolocation fenceassociated with an event gallery for a specific event or entity. If thegeolocation data does not correspond to the relevant geolocation fence,authorization is denied at operation 912, and the method 900 terminatesat operation 914.

On the other hand, should the geolocation data correspond to therelevant geolocation fence, the event gallery module 144, at operation916, performs a second authorization operation that includes using theidentification data, extracted at operation 906, to verify an attributeof the user. This second authorization operation is useful for ensuringthat only qualified users are able to contribute to the specific eventgallery, or to join (or follow) an event for which the event galleryexists. If the second authorization operation fails, authorization isagain denied at operation 912. The authorization method 900 terminatesat operation 914.

The performance of the second authorization operation may involve anynumber of sub-operations using, for example, the identification dataextracted at operation 906. These various sub operations may beperformed against user profile data, stored as part of a user profiletable (discussed below with reference to FIG. 10) in the database 150,which is accessed by the event gallery module 144.

In a first example authorization sub-operation, an email addressincluded in the request is used to perform the second authorization.Specifically, the domain name portion of the email address (e.g., john@lmu.edu) may be compared against the domain name of an entity ororganization (e.g., Loyola Marymount University) associated with anevent. In this example, Loyola Marymount University (LMU) may be thelocation of a concert event John is seeking to join or follow, or theconcert event may have an event gallery to which John is seeking tocontribute.

In this sub-operation, the event gallery module 144 may also have accessto a database of qualified email addresses for a particular entity ororganization. For example LMU, through agreement with an operator of thesystem 100, may provide access to a database of authorized emailaddresses for this university. In a further embodiment, email addressesmay be verified against a database of entity email addresses source froma third party (e.g., a social networking site).

In a second example authorization sub-operation, an IP address includedin the request may be used to perform the authorization. For example,authorization may be restricted to only those devices posting (orotherwise accessing) from a campus Wi-Fi network, where the relevantevent is being hosted on a university campus (or the university is insome other way associated with the event).

In further example authorization sub-operations, communications,activity and/or visual data included within a user profile is used aspart of the second authorization process. FIG. 10 is a data diagram,illustrating an example user profile table 1002 that may be maintainedwithin the database 150. The table 1002 is maintained by a user profilesub module of the event gallery module 144. Turning specifically to theuser profile table 1002, the table is shown to include the followinginformation for each user: a user identifier 1004, a messaging systemidentifier 1006 (e.g., an identifier used by the system 100), one ormore email addresses 1008, multiple instances of activity data 1010(e.g. a user's screen capture behavior or activity, image filter usageetc.), multiple instances of communications (or posting) data 1012(e.g., contribution history to various event galleries or contentcollections for events) and multiple instances of user visual data 1014(e.g., face or location images associated with the user). The userprofile table 1002 may also include device setting data 1016. Otherexamples utilizable information include area code, phone number, etc.For example, the language setting of a user's phone may be a usefulcriterion for provisioning geo-fence authorization to users in specificcountries or regions.

Returning to the description of authorization sub operations usinghistorical activity, communications and/or visual data stored within auser profile table 1002, the following communications data may be usedin authorization sub operations:

-   -   Recency of contributions to a specific event gallery (e.g., to        an event gallery associated with the same (common) entity to        which the user is now requesting to provide contributions).    -   Frequency of sending and receiving communications (e.g.,        ephemeral messages) to and from other users who have previously        contributed to (or who are authorized to contribute to) the        relevant event gallery.    -   Frequency of viewing event galleries (e.g., Snapchat Stories) of        another user who previously contributed to a specific event        gallery (e.g., an eligible Snapchat Story associated with the        same entity (e.g. a university) hosting the event that the user        is now seeking to join or follow).    -   Information or habits regarding a user's friends or contacts        activity, including the level of their friends/contacts        participation in a specific event gallery. Thus, a user may be        granted access to a gallery if a certain number of his or her        friends (or phone contacts from his/her device) have        participated in posting to the gallery.

Completion of a past event gallery (e.g., access to first and lastcontent items in a gallery sequence), indicating an intimacy orconnectedness with an event gallery to which the user may now be seekingaccess.

Activity data 1010, which provides a history of user activities withrespect to a specific application (e.g., the communications application122) may likewise be used in an authorization sub-operation. Examples ofsuch activity data include data indicating whether a user has applied aimage filter (e.g., a Snapchat geo-filter) that is relevant to aparticular location or event (e.g., a geo-filter that is associated witha specific university campus), or viewed an image/collection of imagesto which such a location-relevant image filter has been applied.Similarly, a user's preferences for a particular activity (e.g., auser's hobby), as determined by web browsing or other activity may beused to as well.

The activity data 1010 may also record a user's screen capture (e.g.,“screenshotting”) behavior or activity on a mobile device, which canalso be applied in the authorization sub-operation. Consider that a usermay have performed a screen capture operation on a mobile device at aparticular location which is within a geo-fence, or sufficientlyproximate to a location associated with an event. This information maybe computed and used in the authorization sub-operation.

In one example, the user visual data 1014 is used in provisioninggeo-fence authorization by determining whether a user's face waspreviously presented in an approved event gallery. If so, the user'sface may be associated with a user account from “selfies” that the usercaptured using a mobile device or camera. In this example, areal-time-image of a user's face (or data generated from such an image)is included in the request received at operation 904. This real-timeimage data may be compared against the user visual data 1014 to verifythe user, and also compared against images (e.g., selfies) present inanother event gallery associated with an authorized entity (e.g., todetermine whether a “selfie” depicting the user is present in anotherSnapchat Story approved for a particular university). If such acorrelation is detected, geo-fence authorization may be approved atoperation 916.

The device setting data 1016 (e.g., language settings), may also be usedas an authorization sub-operation to provision geo-fence authorizationin specific regions. For example, where the language settings of aparticular device indicate a specific language preference (e.g.,German), access to an event gallery for an event occurring in Germanymay be selectively authorized based on the determined languagepreference.

In addition to the examples described above, other concepts are alsoutilizable as an authorization sub-operation, including express actionsrequired of the user. For example, in some embodiments, a user may beprompted for a password required for access to a gallery.

Modules, Components, and Logic

Certain embodiments are described herein as including logic or a numberof components, modules, or mechanisms. Modules may constitute eithersoftware modules (e.g., code embodied on a machine-readable medium or ina transmission signal) or hardware modules. A “hardware module” is atangible unit capable of performing certain operations and may beconfigured or arranged in a certain physical manner. In various exampleembodiments, one or more computer systems (e.g., a standalone computersystem, a client computer system, or a server computer system) or one ormore hardware modules of a computer system (e.g., a processor or a groupof processors) may be configured by software (e.g., an application orapplication portion) as a hardware module that operates to performcertain operations as described herein.

In some embodiments, a hardware module may be implemented mechanically,electronically, or any suitable combination thereof. For example, ahardware module may include dedicated circuitry or logic that ispermanently configured to perform certain operations. For example, ahardware module may be a special-purpose processor, such as aField-Programmable Gate Array (FPGA) or an Application SpecificIntegrated Circuit (ASIC). A hardware module may also includeprogrammable logic or circuitry that is temporarily configured bysoftware to perform certain operations. For example, a hardware modulemay include software encompassed within a general-purpose processor orother programmable processor. It will be appreciated that the decisionto implement a hardware module mechanically, in dedicated andpermanently configured circuitry, or in temporarily configured circuitry(e.g., configured by software) may be driven by cost and timeconsiderations.

Accordingly, the phrase “hardware module” should be understood toencompass a tangible entity, be that an entity that is physicallyconstructed, permanently configured (e.g., hardwired), or temporarilyconfigured (e.g., programmed) to operate in a certain manner or toperform certain operations described herein. As used herein.“hardware-implemented module” refers to a hardware module. Consideringembodiments in which hardware modules are temporarily configured (e.g.,programmed), each of the hardware modules need not be configured orinstantiated at any one instance in time. For example, where a hardwaremodule comprises a general-purpose processor configured by software tobecome a special-purpose processor, the general-purpose processor may beconfigured as respectively different special-purpose processors (e.g.,comprising different hardware modules) at different times. Software mayaccordingly configure a particular processor or processors, for example,to constitute a particular hardware module at one instance of time andto constitute a different hardware module at a different instance oftime.

Hardware modules can provide information to, and receive informationfrom, other hardware modules. Accordingly, the described hardwaremodules may be regarded as being communicatively coupled. Where multiplehardware modules exist contemporaneously, communications may be achievedthrough signal transmission (e.g., over appropriate circuits and buses)between or among two or more of the hardware modules. In embodiments inwhich multiple hardware modules are configured or instantiated atdifferent times, communications between such hardware modules may beachieved, for example, through the storage and retrieval of informationin memory structures to which the multiple hardware modules have access.For example, one hardware module may perform an operation and store theoutput of that operation in a memory device to which it iscommunicatively coupled. A further hardware module may then, at a latertime, access the memory device to retrieve and process the storedoutput. Hardware modules may also initiate communications with input oroutput devices, and can operate on a resource (e.g., a collection ofinformation).

The various operations of example methods described herein may beperformed, at least partially, by one or more processors that aretemporarily configured (e.g., by software) or permanently configured toperform the relevant operations. Whether temporarily or permanentlyconfigured, such processors may constitute processor-implemented modulesthat operate to perform one or more operations or functions describedherein. As used herein. “processor-implemented module” refers to ahardware module implemented using one or more processors.

Similarly, the methods described herein may be at least partiallyprocessor-implemented, with a particular processor or processors beingan example of hardware. For example, at least some of the operations ofa method may be performed by one or more processors orprocessor-implemented modules. Moreover, the one or more processors mayalso operate to support performance of the relevant operations in a“cloud computing” environment or as a “software as a service” (SaaS).For example, at least some of the operations may be performed by a groupof computers (as examples of machines including processors), with theseoperations being accessible via a network (e.g., the Internet) and viaone or more appropriate interfaces (e.g., an Application ProgramInterface (API)).

The performance of certain of the operations may be distributed amongthe processors, not only residing within a single machine, but deployedacross a number of machines. In some example embodiments, the processorsor processor-implemented modules may be located in a single geographiclocation (e.g., within a home environment, an office environment, or aserver farm). In other example embodiments, the processors orprocessor-implemented modules may be distributed across a number ofgeographic locations.

Applications

FIG. 11 illustrates an example mobile device 1100 that may be executinga mobile operating system (e.g., iOS™. Android™. Windows® Phone, orother mobile operating systems), according to example embodiments. Inone embodiment, the mobile device 1100 may include a touch screen thatmay receive tactile information from a user 1102. For instance, the user1102 may physically touch 1104 the mobile device 1100, and in responseto the touch 1104, the mobile device 1100 may determine tactileinformation such as touch location, touch force, gesture motion, and soforth. In various example embodiment, the mobile device 1100 may displayhome screen 1106 (e.g., Springboard on iOS™) that the user 1102 of themobile device 1100 may use to launch applications and otherwise managethe mobile device 1100. In various example embodiments, the home screen1106 may provide status information such as battery life, connectivity,or other hardware status. The home screen 1106 may also include aplurality of icons that may be activated to launch applications, forexample, by touching the area occupied by the icon. Similarly, otheruser interface elements may be activated by touching an area occupied bya particular user interface element. In this manner, the user 1102 mayinteract with the applications.

Many varieties of applications (also referred to as “apps”) may beexecuting on the mobile device 1100. The applications may include nativeapplications (e.g., applications programmed in Objective-C running oniOS™ or applications programmed in Java running on Android™), mobile webapplications (e.g., HTML5), or hybrid applications (e.g., a native shellapplication that launches an HTML5 session). In a specific example, themobile device 1100 may include a messaging app 1120, audio recording app1122, a camera app 1124, a book reader app 1126, a media app 1128, afitness app 1130, a file management app 1132, a location app 1134, abrowser app 1136, a settings app 1138, a contacts app 1140, a telephonecall app 1142, other apps (e.g., gaming apps, social networking apps,biometric monitoring apps), a third party app 1144, and so forth.

Software Architecture

FIG. 12 is a block diagram 1200 illustrating an architecture of software1202, which may be installed on any one or more of devices describedabove. FIG. 12 is merely a non-limiting example of a softwarearchitecture and it will be appreciated that many other architecturesmay be implemented to facilitate the functionality described herein. Thesoftware 1202 may be executing on hardware such as machine 1300 of FIG.13 that includes processors 1310, memory 1330, and I/O components 1350.In the example architecture of FIG. 12, the software 1202 may beconceptualized as a stack of layers where each layer may provideparticular functionality. For example, the software 1202 may includelayers such as an operating system 1204, libraries 1206, frameworks1208, and applications 1210. Operationally, the applications 1210 mayinvoke application programming interface (API) calls 1212 through thesoftware stack and receive messages 1214 in response to the API calls1212.

The operating system 1204 may manage hardware resources and providecommon services. The operating system 1204 may include, for example, akernel 1220, services 1222, and drivers 1224. The kernel 1220 may act asan abstraction layer between the hardware and the other software layers.For example, the kernel 1220 may be responsible for memory management,processor management (e.g., scheduling), component management,networking, security settings, and so on. The services 1222 may provideother common services for the other software layers. The drivers 1224may be responsible for controlling or interfacing with the underlyinghardware. For instance, the drivers 1224 may include display drivers,camera drivers, Bluetooth® drivers, flash memory drivers, serialcommunication drivers (e.g., Universal Serial Bus (USB) drivers), Wi-Fi®drivers, audio drivers, power management drivers, and so forth.

The libraries 1206 may provide a low-level common infrastructure thatmay be utilized by the applications 1210. The libraries 1206 may includesystem 1230 libraries (e.g., C standard library) that may providefunctions such as memory allocation functions, string manipulationfunctions, mathematic functions, and the like. In addition, thelibraries 1206 may include API libraries 1232 such as media libraries(e.g., libraries to support presentation and manipulation of variousmedia format such as MPREG4, H.264, MP3, AAC. AMR, JPG. PNG), graphicslibraries (e.g., an OpenGL framework that may be used to render 2D and3D in a graphic content on a display), database libraries (e.g., SQLitethat may provide various relational database functions), web libraries(e.g., WebKit that may provide web browsing functionality), and thelike. The libraries 1206 may also include a wide variety of otherlibraries 1234 to provide many other APIs to the applications 1210.

The frameworks 1208 may provide a high-level common infrastructure thatmay be utilized by the applications 1210. For example, the frameworks1208 may provide various graphic user interface (GUI) functions,high-level resource management, high-level location services, and soforth. The frameworks 1208 may provide a broad spectrum of other APIsthat may be utilized by the applications 1210, some of which may bespecific to a particular operating system or platform.

The applications 1210 include a home application 1250, a contactsapplication 1252, a browser application 1254, a book reader application1256, a location application 1258, a media application 1260, a messagingapplication 1262, a game application 1264, and a broad assortment ofother applications such as third party application 1266. In a specificexample, the third party application 1266 (e.g., an applicationdeveloped using the Android™ or iOS™ software development kit (SDK) byan entity other than the vendor of the particular platform) may bemobile software running on a mobile operating system such as iOS™,Android™. Windows® Phone, or other mobile operating systems. In thisexample, the third party application 1266 may invoke the API calls 1212provided by the mobile operating system 1204 to facilitate functionalitydescribed herein.

Example Machine Architecture and Machine-Readable Medium

FIG. 13 is a block diagram illustrating components of a machine 1300,according to some example embodiments, able to read instructions from amachine-readable medium (e.g., a machine-readable storage medium) andperform any one or more of the methodologies discussed herein.Specifically, FIG. 13 shows a diagrammatic representation of the machine1300 in the example form of a computer system, within which instructions1316 (e.g., software, a program, an application, an applet, an app, orother executable code) for causing the machine 1300 to perform any oneor more of the methodologies discussed herein may be executed. Inalternative embodiments, the machine 1300 operates as a standalonedevice or may be coupled (e.g., networked) to other machines. In anetworked deployment, the machine 1300 may operate in the capacity of aserver machine or a client machine in a server-client networkenvironment, or as a peer machine in a peer-to-peer (or distributed)network environment. The machine 1300 may comprise, but not be limitedto, a server computer, a client computer, a personal computer (PC), atablet computer, a laptop computer, a netbook, a set-top box (STB), apersonal digital assistant (PDA), an entertainment media system, acellular telephone, a smart phone, a mobile device, a wearable device(e.g., a smart watch), a smart home device (e.g., a smart appliance),other smart devices, a web appliance, a network router, a networkswitch, a network bridge, or any machine capable of executing theinstructions 1316, sequentially or otherwise, that specify actions to betaken by machine 1300. Further, while only a single machine 1300 isillustrated, the term “machine” shall also be taken to include acollection of machines 1300 that individually or jointly execute theinstructions 1316 to perform any one or more of the methodologiesdiscussed herein.

The machine 1300 may include processors 1310, memory 1330, and I/Ocomponents 1350, which may be configured to communicate with each othervia a bus 1302. In an example embodiment, the processors 1310 (e.g., aCentral Processing Unit (CPU), a Reduced Instruction Set Computing(RISC) processor, a Complex Instruction Set Computing (CISC) processor,a Graphics Processing Unit (GPU), a Digital Signal Processor (DSP), anApplication Specific Integrated Circuit (ASIC), a Radio-FrequencyIntegrated Circuit (RFIC), another processor, or any suitablecombination thereof) may include, for example, processor 1312 andprocessor 1314 that may execute instructions 1316. The term “processor”is intended to include multi-core processor that may comprise two ormore independent processors (also referred to as “cores”) that mayexecute instructions contemporaneously. Although FIG. 13 shows multipleprocessors, the machine 1300 may include a single processor with asingle core, a single processor with multiple cores (e.g., a multi-coreprocess), multiple processors with a single core, multiple processorswith multiples cores, or any combination thereof.

The memory 1330 may include a main memory 1332, a static memory 1334,and a storage unit 1336 accessible to the processors 1310 via the bus1302. The storage unit 1336 may include a machine-readable medium 1338on which is stored the instructions 1316 embodying any one or more ofthe methodologies or functions described herein. The instructions 1316may also reside, completely or at least partially, within the mainmemory 1332, within the static memory 1334, within at least one of theprocessors 1310 (e.g., within the processor's cache memory), or anysuitable combination thereof, during execution thereof by the machine1300. Accordingly, the main memory 1332, static memory 1334, and theprocessors 1310 may be considered as machine-readable media 1338.

As used herein, the term “memory” refers to a machine-readable medium1338 able to store data temporarily or permanently and may be taken toinclude, but not be limited to, random-access memory (RAM), read-onlymemory (ROM), buffer memory, flash memory, and cache memory. While themachine-readable medium 1338 is shown in an example embodiment to be asingle medium, the term “machine-readable medium” should be taken toinclude a single medium or multiple media (e.g., a centralized ordistributed database, or associated caches and servers) able to storeinstructions 1316. The term “machine-readable medium” shall also betaken to include any medium, or combination of multiple media, that iscapable of storing instructions (e.g., instructions 1316) for executionby a machine (e.g., machine 1300), such that the instructions, whenexecuted by one or more processors of the machine 1300 (e.g., processors1310), cause the machine 1300 to perform any one or more of themethodologies described herein. Accordingly, a “machine-readable medium”refers to a single storage apparatus or device, as well as “cloud-based”storage systems or storage networks that include multiple storageapparatus or devices. The term “machine-readable medium” shallaccordingly be taken to include, but not be limited to, one or more datarepositories in the form of a solid-state memory (e.g., flash memory),an optical medium, a magnetic medium, other non-volatile memory (e.g.,Erasable Programmable Read-Only Memory (EPROM)), or any suitablecombination thereof. The term “machine-readable medium” specificallyexcludes non-statutory signals per se.

The I/O components 1350 may include a wide variety of components toreceive input, provide output, produce output, transmit information,exchange information, capture measurements, and so on. It will beappreciated that the I/O components 1350 may include many othercomponents that are not shown in FIG. 13. The I/O components 1350 aregrouped according to functionality merely for simplifying the followingdiscussion and the grouping is in no way limiting. In various exampleembodiments, the I/O components 1350 may include output components 1352and input components 1354. The output components 1352 may include visualcomponents (e.g., a display such as a plasma display panel (PDP), alight emitting diode (LED) display, a liquid crystal display (LCD), aprojector, or a cathode ray tube (CRT)), acoustic components (e.g.,speakers), haptic components (e.g., a vibratory motor), other signalgenerators, and so forth. The input components 1354 may includealphanumeric input components (e.g., a keyboard, a touch screenconfigured to receive alphanumeric input, a photo-optical keyboard, orother alphanumeric input components), point based input components(e.g., a mouse, a touchpad, a trackball, a joystick, a motion sensor, orother pointing instrument), tactile input components (e.g., a physicalbutton, a touch screen that provides location and force of touches ortouch gestures, or other tactile input components), audio inputcomponents (e.g., a microphone), and the like.

In further example embodiments, the I/O components 1350 may includebiometric components 1356, motion components 1358, environmentalcomponents 1360, or position components 1362 among a wide array of othercomponents. For example, the biometric components 1356 may includecomponents to detect expressions (e.g., hand expressions, facialexpressions, vocal expressions, body gestures, or eye tracking), measurebiosignals (e.g., blood pressure, heart rate, body temperature,perspiration, or brain waves), identify a person (e.g., voiceidentification, retinal identification, facial identification,fingerprint identification, or electroencephalogram basedidentification), and the like. The motion components 1358 may includeacceleration sensor components (e.g., accelerometer), gravitation sensorcomponents, rotation sensor components (e.g., gyroscope), and so forth.The environmental components 1360 may include, for example, illuminationsensor components (e.g., photometer), temperature sensor components(e.g., one or more thermometer that detect ambient temperature),humidity sensor components, pressure sensor components (e.g.,barometer), acoustic sensor components (e.g., one or more microphonesthat detect background noise), proximity sensor components (e.g.,infrared sensors that detect nearby objects), gas sensors (e.g., gasdetection sensors to detection concentrations of hazardous gases forsafety or to measure pollutants in the atmosphere), or other componentsthat may provide indications, measurements, or signals corresponding toa surrounding physical environment. The position components 1362 mayinclude location sensor components (e.g., a Global Position System (GPS)receiver component), altitude sensor components (e.g., altimeters orbarometers that detect air pressure from which altitude may be derived),orientation sensor components (e.g., magnetometers), and the like.

Communication may be implemented using a wide variety of technologies.The I/O components 1350 may include communication components 1364operable to couple the machine 1300 to a network 1380 or devices 1370via coupling 1382 and coupling 1372 respectively. For example, thecommunication components 1364 may include a network interface componentor other suitable device to interface with the network 1380. In furtherexamples, communication components 1364 may include wired communicationcomponents, wireless communication components, cellular communicationcomponents. Near Field Communication (NFC) components, Bluetooth®components (e.g., Bluetooth® Low Energy). Wi-Fi® components, and othercommunication components to provide communication via other modalities.The devices 1370 may be another machine or any of a wide variety ofperipheral devices (e.g., a peripheral device coupled via a UniversalSerial Bus (USB)).

Moreover, the communication components 1364 may detect identifiers orinclude components operable to detect identifiers. For example, thecommunication components 1364 may include Radio Frequency Identification(RFID) tag reader components, NFC smart tag detection components,optical reader components (e.g., an optical sensor to detectone-dimensional bar codes such as Universal Product Code (UPC) bar code,multi-dimensional bar codes such as Quick Response (QR) code, Azteccode, Data Matrix, Dataglyph, MaxiCode, PDF417. Ultra Code. UCC RSS-2Dbar code, and other optical codes), or acoustic detection components(e.g., microphones to identify tagged audio signals). In addition, avariety of information may be derived via the communication components1364, such as, location via Internet Protocol (IP) geo-location,location via Wi-Fi® signal triangulation, location via detecting a NFCbeacon signal that may indicate a particular location, and so forth.

Transmission Medium

In various example embodiments, one or more portions of the network 1380may be an ad hoc network, an intranet, an extranet, a virtual privatenetwork (VPN), a local area network (LAN), a wireless LAN (WLAN), a widearea network (WAN), a wireless WAN (WWAN), a metropolitan area network(MAN), the Internet, a portion of the Internet, a portion of the PublicSwitched Telephone Network (PSTN), a plain old telephone service (POTS)network, a cellular telephone network, a wireless network, a Wi-Fi®network, another type of network, or a combination of two or more suchnetworks. For example, the network 1380 or a portion of the network 1380may include a wireless or cellular network and the coupling 1382 may bea Code Division Multiple Access (CDMA) connection, a Global System forMobile communications (GSM) connection, or other type of cellular orwireless coupling. In this example, the coupling 1382 may implement anyof a variety of types of data transfer technology, such as SingleCarrier Radio Transmission Technology (1×RTT), Evolution-Data Optimized(EVDO) technology, General Packet Radio Service (GPRS) technology.Enhanced Data rates for GSM Evolution (EDGE) technology, thirdGeneration Partnership Project (3GPP) including 3G, fourth generationwireless (4G) networks. Universal Mobile Telecommunications System(UMTS), High Speed Packet Access (HSPA), Worldwide Interoperability forMicrowave Access (WiMAX), Long Term Evolution (LTE) standard, othersdefined by various standard setting organizations, other long rangeprotocols, or other data transfer technology.

The instructions 1316 may be transmitted or received over the network1380 using a transmission medium via a network interface device (e.g., anetwork interface component included in the communication components1364) and utilizing any one of a number of well-known transfer protocols(e.g., hypertext transfer protocol (HTTP)). Similarly, the instructions1316 may be transmitted or received using a transmission medium via thecoupling 1372 (e.g., a peer-to-peer coupling) to devices 1370. The term“transmission medium” shall be taken to include any intangible mediumthat is capable of storing, encoding, or carrying instructions 1316 forexecution by the machine 1300, and includes digital or analogcommunications signals or other intangible medium to facilitatecommunication of such software.

Furthermore, the machine-readable medium 1338 is non-transitory (inother words, not having any transitory signals) in that it does notembody a propagating signal. However, labeling the machine-readablemedium 1338 as “non-transitory” should not be construed to mean that themedium is incapable of movement; the medium should be considered asbeing transportable from one physical location to another. Additionally,since the machine-readable medium 1338 is tangible, the medium may beconsidered to be a machine-readable device.

Language

Throughout this specification, plural instances may implementcomponents, operations, or structures described as a single instance.Although individual operations of one or more methods are illustratedand described as separate operations, one or more of the individualoperations may be performed concurrently, and nothing requires that theoperations be performed in the order illustrated. Structures andfunctionality presented as separate components in example configurationsmay be implemented as a combined structure or component. Similarly,structures and functionality presented as a single component may beimplemented as separate components. These and other variations,modifications, additions, and improvements fall within the scope of thesubject matter herein.

Although an overview of the inventive subject matter has been describedwith reference to specific example embodiments, various modificationsand changes may be made to these embodiments without departing from thebroader scope of embodiments of the present disclosure. Such embodimentsof the inventive subject matter may be referred to herein, individuallyor collectively, by the term “invention” merely for convenience andwithout intending to voluntarily limit the scope of this application toany single disclosure or inventive concept if more than one is, in fact,disclosed.

The embodiments illustrated herein are described in sufficient detail toenable those skilled in the art to practice the teachings disclosed.Other embodiments may be used and derived therefrom, such thatstructural and logical substitutions and changes may be made withoutdeparting from the scope of this disclosure. The Detailed Description,therefore, is not to be taken in a limiting sense, and the scope ofvarious embodiments is defined only by the appended claims, along withthe full range of equivalents to which such claims are entitled.

As used herein, the term “or” may be construed in either an inclusive orexclusive sense. Moreover, plural instances may be provided forresources, operations, or structures described herein as a singleinstance. Additionally, boundaries between various resources,operations, modules, engines, and data stores are somewhat arbitrary,and particular operations are illustrated in a context of specificillustrative configurations. Other allocations of functionality areenvisioned and may fall within a scope of various embodiments of thepresent disclosure. In general, structures and functionality presentedas separate resources in the example configurations may be implementedas a combined structure or resource. Similarly, structures andfunctionality presented as a single resource may be implemented asseparate resources. These and other variations, modifications,additions, and improvements fall within a scope of embodiments of thepresent disclosure as represented by the appended claims. Thespecification and drawings are, accordingly, to be regarded in anillustrative rather than a restrictive sense.

What is claimed is:
 1. A computer implemented method, comprising:receiving a request to post content to an event gallery associated withan event, the request comprising activity data that records a screencapture operation performed on a device at a particular location, andidentification data identifying at least one of the device or a user ofthe device; performing a first authorization operation includingdetermining that the particular location is within a geo-location fenceassociated with the event; performing a second authorization operationincluding using the identification data to verify an attribute of theuser; and based on the first and second authorization operations,posting the content to the event gallery.
 2. The computer implementedmethod of claim 1, wherein the identification data comprises an IPaddress, and the second authorization operation comprises verifying thatthe IP address relates to an organization associated with the event. 3.The computer implemented method of claim 1, further comprising locatinga user profile, associated with the user, stored in a database, whereinthe second authorization operation includes extracting user profile datafrom the user profile in the database in order to verify the attributeof the user.
 4. The computer implemented method of claim 1, wherein therequest includes real-time visual data captured using the device, theattribute comprises a user visual attribute, and the verifying theattribute comprises comparing visual data of user profile data with thereal-time visual data, the user profile data being associated with theuser.
 5. The computer implemented method of claim 1, wherein verifyingthe attribute comprises identifying at least one communication with afurther user, the further user having made at least one communicationscontribution to a further event gallery associated with a further event.6. The computer implemented method of claim 5, wherein the event and thefurther event are both related to a common entity.
 7. The computerimplemented method of claim 1, wherein the attribute comprises a useractivity attribute.
 8. The computer implemented method of claim 1,wherein the event gallery is available for a specified transitoryperiod.
 9. The computer implemented method of claim 1, wherein the eventgallery comprises individual ephemeral messages shown in sequence.
 10. Asystem comprising: at least one processor; and at least one memorystoring instructions that, when executed by the at least one processor,cause the processor to perform operations comprising: receiving arequest to post content to an event gallery associated with an event,the request comprising activity data that records a screen captureoperation performed on a device at a particular location, andidentification data identifying at least one of the device or a user ofthe device; performing a first authorization operation includingdetermining that the particular location is within a geo-location fenceassociated with the event; performing a second authorization operationincluding using the identification data to verify an attribute of theuser; and based on the first and second authorization operations,posting the content to the event gallery.
 11. The system of claim 10,wherein the identification data comprises an IP address, and the secondauthorization operation comprises verifying that the IP address relatesto an organization associated with the event.
 12. The system of claim10, wherein the operations further comprise locating a user profile,associated with the user, stored in a database, and wherein the secondauthorization operation includes extracting user profile data from theuser profile in the database in order to verify the attribute of theuser.
 13. The system of claim 10, wherein the request includes real-timevisual data captured using the device, the attribute comprises a uservisual attribute, and the verifying the attribute comprises comparingvisual data of user profile data with the real-time visual data, theuser profile data being associated with the user.
 14. The system ofclaim 10, wherein verifying the attribute comprises identifying at leastone communication with a further user, the further user having made atleast one communications contribution to a further event galleryassociated with a further event.
 15. The system of claim 14, wherein theevent and the further event are both related to a common entity.
 16. Thesystem of claim 10, wherein the attribute comprises a user activityattribute.
 17. The system of claim 10, wherein the event gallery isavailable for a specified transitory period.
 18. The system of claim 10,wherein the event gallery comprises individual ephemeral messages shownin sequence.
 19. A system comprising: a communication component,implemented using at least one processor, to receive a request to postcontent to an event gallery associated with an event, the requestcomprising activity data that records a screen capture operationperformed on a device at a particular location, and identification dataidentifying at least one of the device or a user of the device; and anevent gallery component to: perform a first authorization operationincluding determining that the particular location is within ageo-location fence associated with the event; perform a secondauthorization operation including using the identification data toverify an attribute of the user; and based on the first and secondauthorization operations, posting the content to the event gallery. 20.The system of claim 19, wherein the request includes real-time visualdata captured using the device, the attribute comprises a user visualattribute, and the verifying the attribute comprises comparing visualdata of user profile data with the real-time visual data, the userprofile data being associated with the user.